4e57422f5a93246a3d792809c5120004a9d5a7ca4886a5666e3a4d70455597f4

Analysis

max time kernel
0s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 14:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43ddcb91a70868b5365798f2eaea3b8c.html
Size

16KB
MD5

43ddcb91a70868b5365798f2eaea3b8c
SHA1

f12eddf8db80534607298bf98165301d942ffe10
SHA256

4e57422f5a93246a3d792809c5120004a9d5a7ca4886a5666e3a4d70455597f4
SHA512

35b7147b8adf5ac55f3891054728364beb84b9ed49f057d0d2d9bd9a912aa7819a084c3228c99d97f465d6d731d0c3ba1d718ca3421d32959f55be100c6abadb
SSDEEP

384:ln8uqnGDnW0qkqUFwRFcn1jHk0J9S1bKFRJuM8Bv9Ll7jBiUs7u2SX7kZ4Qd4Lus:ln8vGDnBiA4v/

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 20 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D5BEB0B1-ABD2-11EE-9C0C-D6882E0F4692} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1956	iexplore.exe
1956	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 2220	1956	iexplore.exe	17
PID 1956 wrote to memory of 2220	1956	iexplore.exe	17
PID 1956 wrote to memory of 2220	1956	iexplore.exe	17
PID 1956 wrote to memory of 2220	1956	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\43ddcb91a70868b5365798f2eaea3b8c.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1956 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:2220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a7e701d8264ba4017e6762b323979820

SHA1
0010b750f272dbf09774f1850a366b9dd9252c09

SHA256
0a0b67a5ab2761c95d1be68e1e7b218878263a1af1101c801de0fcf70740ccbe

SHA512
2d1c42ba56ef9c47ee1b146c195abdc911b282c113f429b594ba62bfd0db1c0f37ed4d9fb86058fc87bd7afa814c4b9b1e88c20005c5cc924641e10ea5203201

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6652f1d7a540affe89879b9a32f21b22

SHA1
290c43317463c0c95cd9bdd5755251eb3c3bc574

SHA256
7939dc48d42474853590779741572234ede8209a7d48bc82f98265cc9a5febb7

SHA512
1d5756145c5045f69a28c5d098b5ea889a492bfaeb28115698680313897265c2ded8a9184798919bf33b79754fc4a2608e9142e3a56c06f508eac9da840751ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a36134a8742d55e1e92a43e2fe0b1722

SHA1
7d229ab345fa3b150c582a4c1a0fa9c0f09ecc75

SHA256
9346a1c6e4017aebbbe27d1eecc54084ff621efa4a0efdb93bfbd1710101506f

SHA512
fe551c47bc9a997585be4b2af0c31656814648285aedfeb484b0cbf7a4457433fe0f95b115a754d970731800efad080ae655629da4e356343a274dfedb0ca060

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cee7a3bcc6d80a976506866453f14d93

SHA1
a93503ea761975d464fa24bb484f3c24691de26c

SHA256
e861dcb3db2367d3ceb95e4cdb9372766bff52b28daba86f37537ade0f9d9272

SHA512
d56386227e4aadbd92d9d82aa35ecc7b9f96afe8e6a7f33c9cdaa779fbc9502344b5bf36647fabbe4aa6fcde331028156dd80188e7d038c2294c38cdf4d5fb60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dff6478888d8dbab2e2fb235bb0370f0

SHA1
a6dc68ca97e946636d6c5ac86328f64e65887ad3

SHA256
fc5cd54fd28a32e5582b95aa354b119008faa7763f78a7d62ec02f26475d987d

SHA512
6b08f5d3dc85e8023da8f6e0f9c7bfa0b073a4beb354370b7c20b7689411db0f40fee918f1a049c4842872dbd8680c5c8443da6fb650ab51260930ff32b56874

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84bb28f21e19a021bc81431a8c2a92c2

SHA1
5cceafed42972602a2dd7e7df9c50fc75da31c94

SHA256
05a9216486ee2b4b473b98d3e0c51a0d7e7937c4091ca141ae1d6ac674989115

SHA512
853fddf98a5b7a3085963faaee93253d536fef74a072a34b832d4c9377bb4f4c1613b90882a0d8801e8e5bb51bf19ee3e66fd5c0297b3e8cd9d062a3b52b1e37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed0d2ca46e95af793237510c273f0e2c

SHA1
2c7a3ca05e9a40a8ae281ccf4e8f8a4e3445751e

SHA256
9d2ed17a14553cd6569c343a4adafa2d60d9bf43b9f6bb963e430d7da2ec6e43

SHA512
b7718e02950efa2fe70359bacb04eae1aea97aceaeeee11c81658db1e7ec173f3005857fe793a3aca2c2226d5efba5a97a1e0132315d17dbd22609abd273bea5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bca926419667b4abf62c5615ec2ff4aa

SHA1
8f58ef6dbc7315c5da629cd2a5fa6c5992c9f86b

SHA256
89a550d17ff46af8c75287ea816c89b68c8ac52d7ef81c54c89b02fd14cc2ef4

SHA512
27de4658bcbe118d0c947aafc5c4e47c3bca2c3813fdfb6ba78ab0a502773098b02ce77c1d098cf2511db068810f8b13ca6aaca03f446af08ad0810974351f56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9fc80883b8fd4c7b3657ee60c7b1e514

SHA1
10954f5f985fcf3bcb3a588566014afcf6ec949c

SHA256
93e9cbe26f49f5cfe42210a04380da3eed93ad214723717964cee8642514f280

SHA512
8afb66bde1202ce30239d8601039f43600da90c4c52e86f35501239e88e2c63dc92f2e69f70e4581f5fc63b6ed932fd0db583dad9edcd1d57b7f99c46efd569a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ffd2d2e13e06c5c7992d632bb6198a10

SHA1
31349d2aacf257130ebf9c1409962f6636ebb898

SHA256
03cc506f53f90f9a229c3563804b251d9109393f87674e88934e9ba1e89b64d6

SHA512
555a16162786147f8363bdcff4bd6d01f45202bb6e770297ae6d0f0855afb332ef8dfec3b086c57aa03bfd7b095efa34b575612550c12be83c3df3ba6c3111b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d416609cacedbea617e47f74758875d5

SHA1
e5039d8debcb00d8c6955a6b7cc5cb539411e97e

SHA256
06f942f20be569ce80a8253a7276f51c956c1c1aa1c974ccae08f794b722be71

SHA512
5bfcb6007e6adeddb7604bb574a556ca0786eb9788318cbb56cb68c656e3cc95a438ef09f54f0adc32320753ac2676b812e7aa73fc255b60b34a9bbda94d58b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e61aa506547e89746f460c9c3f69009a

SHA1
e1a0a99c67af7eae68966a57e2708ab989be846b

SHA256
a8e20ef931e633d1abf9017a47b4bb0fc14dec358030f397ffde3a1bb2a740cd

SHA512
b58172d8da3ef636aa58711dbd47ad37bcfd7fa8ef302ef6fa4d0a654529a0069c8afed9bc3e9c3f78a4704520d123820948155f600d760984c22d69870923a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a5b77bb4aefb7ff96b9da051d8abff7f

SHA1
80a1327b80d9ba78f6c5b9b70c6b99f9240c80ab

SHA256
6e96c99a8e93b352ce6401e4bdfae93596c3f0927fe8f5a493998dcbaa3355a0

SHA512
5f7f53be6bb4962b9ad28cf6b8d3fdf9f766cba1640f6c2697ca8eed73c48018060b2dc26248d0355edc63692df0b748233ee608542792b19922d5067b50a5a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4cfa21656d7366da064ffffa1ee3c335

SHA1
07115de1a1a432f3323cea66c352590abae61ccb

SHA256
e8120a2f65a986c5a761a76e760ecd9d0a06ba0fa327f63833714d6dff5b3c2f

SHA512
901d947bc62a2242a45d1cefd36778dbb1b1f3a7c04d692c5f4b5051dd02753aa44c116b1d6968ac86a6662d9ac69375a57d0725b7ce1cf34f4fd2b3e58a4d01

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2712.tmp

Filesize
61KB

MD5
e0442f91b8e6e8e0b90b037ea510424d

SHA1
14dfb16f4a5ab7a382dc9c47acbeeb55763bdd86

SHA256
4c9b9cfb05fb59e330f45d14f763f2aab45ebec5908e71675123e448f40e1ed3

SHA512
2cf512c1d53a1a635bafd5036290f552db00b3bc5d1cb74bdcc3f550632b3e0f17620e4e42aaa22dbe5870066483ee156fa84f38ac8aaf2d6c0020e9c92dc764

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar27D1.tmp

Filesize
43KB

MD5
02b7a194f261dcc0ebc9cbc124d19bf3

SHA1
1a7744cb200171e28d61cf06193534b4651024db

SHA256
7d5301585b700a1424712c6d2a46118065cb3395b1b2534ea2b9a54fd3083d40

SHA512
e6576cbc45b0a8197fe85dfca4f5e33a761cab39674caa73130c97a3f2952b65044ea3d5fc3cf1c67a7975cbbe7b8de62722fda089dc91a9bdd2433e4b6667be

Download Submit